On Fri, Jul 06, 2001 at 08:55:00AM -0400, Stephen Smalley wrote:
>
> Could you clarify about the capabilities module? From your description
> above, it sounds like Ted agreed that we shouldn't move the base
> kernel logic out to a module, but it isn't clear if that also
> includes the core capabilities logic. If Ted indicated that we
> shouldn't move even the core capabilities logic out into a module,
> then we need to revert those changes, because we have already moved
> some of that logic.

What do you mean by "core capabilities logic" and "base kernel logic"?

As I recall, what I said was that if people wanted to change the
"capable" function so that it got called out to a module, that's the
sort of thing which *could* be done via #ifdef. Linus in general
won't mind an #ifdef in a header file which changes something like
capable() from its existing definition to one which gets implemented
via a module.

There will be a minor performance hit by doing it in the module,
caused by two things: (1) the procedure activation cost, and (2) the
fact that the entire kernel uses a single TLB entry, but each 4k page
in module text requires its own TLB entry (and a potential TLB miss).
I doubt these issues will actually be a major issue, but then again, I
didn't see a major advantage in doing it in a separate module, either.
Still, if someone wanted to experiment with moving the capable() check
to a module, it'd be pretty harmless to do it via an #ifdef CONFIG_XXX
test. I don't think moving it out to a module would be considered a
major win or a major turnoff as far as deciding whether or not the
patches were acceptable.

If what you mean by "core capabilities logic" is the code to manage
the capability mask settings, sure that can be moved out to a module.
(I assume that it will be possible to have modules linked directly
into the kernel for those people who don't want to use modules, yes?)

						- Ted
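
The #ifdef arrangement discussed in the message above, as an added example: a userspace C model, not code from the LSM patches or from the kernel. CONFIG_CAPABLE_MODULE (standing in for CONFIG_XXX), struct task, capable_hook, the register/unregister helpers and the fall-back-to-mask-check behaviour are all assumptions made for illustration; the real capable() takes only the capability number and consults the current task.

```c
#include <stdio.h>

#define CONFIG_CAPABLE_MODULE 1  /* hypothetical stand-in for CONFIG_XXX */
#define CAP_NET_ADMIN 12
#define CAP_SYS_ADMIN 21

struct task { unsigned int cap_effective; };  /* constructed, simplified */

/* Existing-style definition: is the bit set in the effective mask? */
static inline int capable_builtin(const struct task *t, int cap)
{
    return (t->cap_effective >> cap) & 1u;
}

/* Hypothetical hook a module fills in; NULL while no module is loaded. */
static int (*capable_hook)(const struct task *t, int cap);

static int register_capable_hook(int (*fn)(const struct task *, int))
{
    if (!fn || capable_hook)
        return -1;               /* never silently replace a policy */
    capable_hook = fn;
    return 0;
}
static void unregister_capable_hook(void) { capable_hook = NULL; }

/* Module path: one extra indirect call (the "procedure activation cost").
 * With no module loaded it falls back to the mask check, never to "allow". */
static int capable_via_module(const struct task *t, int cap)
{
    int (*fn)(const struct task *, int) = capable_hook;
    return fn ? fn(t, cap) : capable_builtin(t, cap);
}

/* The header-level switch: callers keep writing capable(). */
#ifdef CONFIG_CAPABLE_MODULE
#define capable(t, cap) capable_via_module((t), (cap))
#else
#define capable(t, cap) capable_builtin((t), (cap))
#endif

/* Constructed module policy: mask check, but CAP_SYS_ADMIN is always denied. */
static int sample_module_capable(const struct task *t, int cap)
{
    return cap != CAP_SYS_ADMIN && capable_builtin(t, cap);
}

int main(void)
{
    struct task t = { (1u << CAP_NET_ADMIN) | (1u << CAP_SYS_ADMIN) };
    printf("no module:   %d\n", capable(&t, CAP_SYS_ADMIN));
    register_capable_hook(sample_module_capable);
    printf("with module: %d\n", capable(&t, CAP_SYS_ADMIN));
    unregister_capable_hook();
    return 0;
}
```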
This archive was generated by hypermail 2b30 : Sun Jul 08 2001 - 23:03:29 PDT